• Stars
    star
    150
  • Rank 247,323 (Top 5 %)
  • Language
    Python
  • License
    Apache License 2.0
  • Created over 8 years ago
  • Updated over 4 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A workshop on Packet Crafting using Scapy.

The Art of Packet Crafting with Scapy

Online notes for this workshop is available at - https://scapy.disruptivelabs.in/

Virtual machine for the workshop is available at - https://archive.org/details/pysos_class3_labs_32bit.7z

Documentation is being tracked as part of documentation branch. If you want to contribute to the documentation then make changes to documentation branch and raise a PR.

Prerequisites

  • Little bit of programming experience in some language, not necessarily Python is preferable. (enough to know what's a "variable" or "if statement" etc)
  • Knowledge of Linux command-line skills is necessary but we'll pick it up in the workshop. (Usage of commands like cd, ls, grep, less...)
  • Must have knowledge of basic networking concepts(enough to know what's an IP address, port number, OSI Model etc).

Overview

  • This is an intense workshop on crafting packets using Python and Scapy.
  • We'll explore Scapy and craft packets using the framework.
  • We'll leverage Scapy as a framework to build custom network tools/utilities.

Objective

  • The objective is to understand network programming abstractions, use raw sockets & Scapy to craft packets, improvise in network reconnaissance phase.
  • We will work on practical network reconnaissance techniques like host discovery, service discovery, Remote OS finger printing, promiscuous node detection.
  • We'll learn how to launch Layer 2 attacks and detection techniques for these attacks.
  • We'll leverage Scapy to build custom tools/utilities such as sniffers, pcap analyser, Wi-Fi scanners and simple honeypots.

Environment & Labs

Mysterious boxes

A network with bunch of machines is provided where audience task is to find out as much as they can about the network, machines and security policies using Scapy. One of the machines on this network is a pre-packaged VM with all the necessary packages for attacking installed that we'll use as an attacker box and the other machines act as victims.

Network Hunting - CTF

A mini-CTF on a Software Defined Network. The audience task is to crack a set of challenges, circumvent security measures, subvert systems, perform network attacks to find and obtain the flag.

More Repositories

1

censys-enumeration

A script to extract subdomains/emails for a given domain using SSL/TLS certificate dataset on Censys
Python
151
star
2

domains-from-csp

A script to extract domain names from Content Security Policy(CSP) headers
Python
105
star
3

assets-from-spf

A Python script to parse net blocks & domain names from SPF record
Python
82
star
4

slurp-old

A tool to enumerate S3 buckets manually or via certstream
Go
80
star
5

hardware-hacking-for-software-folks

40
star
6

datasploit

Utilizing various Open Source Intelligence (OSINT) tools and techniques that we have found to be effective, DataSploit brings them all into one place, correlates the raw data captured and gives the user, all the relevant information about the domain/email/ phone number/person, etc. It allows you to collect relevant information about a target which can expand your attack/defence surface very quickly. Sometimes it might even pluck the low hanging fruits for you without even touching the target and give you quick wins. More documentation here: http://datasploit.readthedocs.io/en/latest/.
Python
28
star
7

scapy-scripts

A collection of scapy scripts, mostly security stuff.
Python
17
star
8

python-network-programming

A workshop on network programming using the Python language.
8
star
9

nic.in-subdomain-tracker

A repo to track subdomains of nic.in
7
star
10

Effective-OpenSSH-Client-Usage-Workshop

A workshop on using OpenSSH client suite effectively
HTML
6
star
11

ctlog-utilities

Quick and dirty utilities I scribbled while digging through Certificate Transparency logs using crt.sh
Python
6
star
12

GoI-subdomains-directory

List of subdomains/web apps by Government of India (GoI).
4
star
13

talks

Collection of slides/presentations from various talk that I have given in the past.
3
star
14

understanding-wmi

Repo for "Understanding WMI" talk given at Null, Bangalore March 10th 2018
CSS
2
star
15

dotfiles

A collection of personal dotfiles. i3wm, zsh and Dell XPS 13 9350
2
star
16

dns-for-penetration-testers-nullblr

DNS for penetration testers talk given at Nullblr June 2017.
CSS
2
star
17

yamakira.github.io

personal website/blog - http://disruptivelabs.in
JavaScript
2
star
18

pyliners

A collection of Python onliners
2
star
19

python-for-system-administration

A workshop on using Python language for system administration
Shell
2
star
20

python-foundations

Online notes for this workshop is available at -
Python
1
star
21

protocols-for-penetration-testers

A meta repository to keep track of infomation about series of workshops, titled "Protocols for Penetration Testers"
1
star
22

insecuredns

insecuredns is a damn vulnerable DNS server to demonstrate common vulnerabilities in DNS implementations
1
star